7z920_downloader.exe

The application 7z920_downloader.exe has been detected as a potentially unwanted program by 21 anti-malware scanners. This is a setup program which is used to install the application. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. The file has been seen being downloaded from www.instalki.pl.
MD5:
846a78590bae693b8e79a5ec7a4fb807

SHA-1:
7c57bdd25adc290259bca50ba270e83a2c57c266

SHA-256:
ad8f00e4851dd04b71842f197ba3e86faf98d071a2b70db1c7fdb6bdd1d132e0

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
1/13/2025 7:32:05 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Trojan/Win32.ADH | 2013.07.09 |
| Avira AntiVirus | | 7.11.89.134 |
| AVG | Generic5 | 2017.0.2663 |
| Bitdefender | Adware.Generic.250245 | 1.0.20.1075 |
| Comodo Security | UnclassifiedMalware | 16569 |
| Dr.Web | Adware.InstallCore.55 | 9.0.1.0215 |
| Emsisoft Anti-Malware | Adware.Generic.250245 | 8.16.08.02.01 |
| ESET NOD32 | Win32/InstallCore.AF (variant) | 10.8543 |
| Fortinet FortiGate | Adware/Fam.NB | 8/2/2016 |
| F-Prot | W32/InstallCore.G.gen | v6.4.7.1.166 |
| F-Secure | Adware.Generic.250245 | 11.2016-02-08_3 |
| G Data | Adware.Generic.250245 | 16.8.22 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.2.0.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.170.8978 |
| McAfee | Artemis!846A78590BAE | 5600.6319 |
| Panda Antivirus | Suspicious file | 16.08.02.01 |
| Reason Heuristics | PUP.InstallCore.ENG (M) | 16.8.2.13 |
| Trend Micro House Call | TROJ_GEN.RCBC8IM | 7.2.215 |
| Trend Micro | TROJ_GEN.RCBC8IM | 10.465.02 |
| Vba32 AntiVirus | BScope.Malware-Cryptor.InstallCore.2691 | 3.12.22.2 |
| VIPRE Antivirus | Trojan.Win32.Generic | 19420 |

File size:
1.1 MB (1,124,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\7z920_downloader.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:H/XiXhHA0MxNkRh+GVVNWYgQBI6IE3q0FDM2VE6gUdAWte8:Hp00kRhVVeYPBIvE3q0FLEDUSWte

Entry address:
0xCED10

Entry point:
55, 8B, EC, 83, C4, F0, B8, 90, 2C, 40, 00, E8, F7, E2, FF, FF, C3, 8B, C8, 33, 11, F7, C2, FE, FF, FF, FF, 74, 0A, C7, 05, C0, 05, 47, 00, 05, 00, 00, 00, F6, 01, 01, 74, 20, 8B, D0, 83, EA, 0C, 8B, 72, 08, 2B, C6, 3B, 70, 08, 74, 0A, C7, 05, C0, 05, 47, 00, 06, 00, 00, 00, E8, 8A, FE, FF, FF, 03, DE, 8B, C3, 5E, 5B, C3, 8D, 40, 00, 53, 56, 57, 8B, D8, 33, FF, 8B, 03, A9, 00, 00, 00, 80, 74, 0B, 25, FC, FF, FF, 7F, 03, F8, 03, D8, 8B, 03, A8, 02, 75, 13, 8B, F3, 8B, C6, E8, 58, FE, FF, FF, 8B, 46, 08, 03...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
841 KB (861,184 bytes)

The file 7z920_downloader.exe has been seen being distributed by the following URL.
